CVE-2021-39929

HIGH

Wireshark < 3.2.17 - Denial of Service

Title source: rule

Description

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

References (8)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/

[Third Party Advisory] https://www.debian.org/security/2021/dsa-5019

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-04

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39929.json

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://gitlab.com/wireshark/wireshark/-/issues/17651

[Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2021-07.html

Scores

CVSS v3 7.5

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-674

Status published

Products (6)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 34

fedoraproject/fedora 35

wireshark/wireshark 3.2.0 - 3.2.17

Published Nov 19, 2021

Tracked Since Feb 18, 2026